Why social networks like their privacy policies private

Social networks continue to grow apace with an estimated 690 million using services like Facebook, MySpace or Orkut worldwide. That’s a phenomenon that concerns privacy advocates worried about users’ data being exploited for commercial or criminal purposes.

You might expect those concerns to lessen as networks compete to have the best privacy policies in the race to gain more users and hence more personal data. However, a team at the University of Cambridge, UK, has found that social networks appear loath to mention privacy to their users. And a recent psychology experiment could explain why.

Buried policies

The Cambridge study, conducted by Joseph Bonneau and Sören Preibusch, examined the privacy provisions and claims of 29 general-purpose social networking sites, including Facebook and MySpace.

All of the sites have a privacy policy and many use it to emphasise the importance of user privacy to the company. Seven have even paid for independent privacy certifications provided by the likes of TRUSTe – a commercial site that helps companies maintain privacy policies, and provides a seal of approval intended to reassure end users.

But despite having coughed up the cash, in all cases the networks opted to hide the seal away on the privacy policy page rather than display it on the home page – a fact that suggested to the Cambridge team that networks are not keen to remind users about privacy.

The survey also suggests there is good reason for that; the seven sites that promote their privacy policy appear to be growing more slowly than competitors that do not.

Privacy put-off

A recent study by Alessandro Acquisti and colleagues at Carnegie Mellon University, Pittsburgh, Pennsylvania, points to why making privacy protection more conspicuous may actually deter users from sharing information.

In the paper, posted this month on the Social Science Research Network, college students were asked to complete a questionnaire about their attitude towards coursework. The team found participants were less likely to reveal wrongdoings if they were first made to think about privacy – even though that was done through an assurance of confidentiality.

This effect, called “privacy saliency”, makes social networks loath to make visible their efforts to protect privacy, says Acquisti.

Minority reporters

Combined with the fact most users – the “pragmatic majority” as security researchers have dubbed them – do not worry about privacy, the result is a market that appears to provide little incentive to develop policies that favour users.

Bonneau and Preibusch call for a policy change, with networks agreeing not to share data until a user has explicitly given permission. But given that sharing users’ personal data with third parties seems the only viable business model on offer for the networks, are those calls pie in the sky?

Perhaps not: while the pragmatic majority have a relaxed attitude to privacy, a minority of “privacy fundamentalists” feel differently, according to Bonneau and Preibusch. This group is concerned enough about issues of privacy to potentially embarrass sites through blogs or the media, as happened to Facebook earlier this year. That helps keep social networks on their toes.

And there’s evidence that the pressure is having an effect. The Cambridge analysis found that the oldest and largest sites had a better record on privacy than younger, smaller ones. “One reason for that is the privacy they do provide is reactive,” says Bonneau. The larger sites have learned the hard way that privacy is important.

New Scientist attempted to contact Facebook for an insider’s perspective on this subject, but without success.